The intruder is no doubt looking at your traffic. You should too. How will you know what's
not normal if you've never seen your normal traffic on the wire?

deny Deny DENY
By: Bagarre

One of the biggest conflicts in the world of IT today is Security vs. Availability.
What good is a network if you can't talk to everyone else, and how can you be safe
if anyone can access your network? There can be no clear winner. Both sides have to
give. The security folks have to understand that the network exists so that the
company can communicate with the world, and the network guys have to understand that
the company will cease to exist if that network is unsafe. A compromise must be
made.

If the network guys want to open everything up, the security guys want to close
everything down. So, ask the questions. "What needs to be open on the network in
order to do day-to-day business and why?" "Who does it need to be opened to and why?"
"What things are absolutely bad to open and why?" One thing to remember: it's
better and easier to start with everything closed and punch holes as needed. So,
start with a basic: deny all all. From the outside world (the internet) to you (the
intranet), "aint no one goin no where".

"Port 80 needs to be open to everyone in the world in order to access our website!"

"OK, Port 80 needs to be open for everyone in the world but only to our web server.
No one needs to access anywhere else in our network on that port. Furthermore, if
any one network starts causing trouble with our website, we'll deny them as
needed."

Allow everyone port 80 to web server

"We have to be able to receive mail so, port 25 should be open too."

Allow everyone port 25 to mail server

"Some people work from home using telnet and ftp to the servers so, throw in 23
and 21 as well."

"No. These two protocols are plagued with vulnerabilities and are an unacceptable
risk to the network. SSH allows the same functionality with much more security. We
can set up a gateway box that they can hop thru as well."

Allow everyone port 22 to gateway_box

"Use Windows shares to move files back and forth from home to the office. NetBIOS
ports need to be open."

"No way in Hell! There are far too many risks involved with NetBIOS to allow it to
travel in or out of our networks. These ports should never be opened. SSH or a VPN
tunnel should be considered."

One of the most common attacks against a Windows network is via NetBIOS,
port 139. With this, an attacker can enumerate all of your computers,
usernames, password policies, drive shares, printers, domain controllers
and much more. Also, they can use this info to gain access to your
network and do most anything they want!

...and on down the line you go until you have made a list of allowable points of
access, better known as an Access Control List or ACL. The above is pseudo code for
the most part and would have to be translated into your router's wording, of course.
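
To check a list like this before translating it, the added example below (not part of the original article and not any router's syntax) models the three allows and the final deny and evaluates sample inbound connections against them. It assumes first-match rule ordering, which is common on routers but should be confirmed for yours; the addresses are constructed from documentation ranges and block_network is a hypothetical helper.

```python
import ipaddress

# Constructed addresses (documentation range 192.0.2.0/24); assumptions, not from the article.
HOSTS = {
    "web_server": ipaddress.ip_address("192.0.2.10"),
    "mail_server": ipaddress.ip_address("192.0.2.25"),
    "gateway_box": ipaddress.ip_address("192.0.2.22"),
}
ANY = ipaddress.ip_network("0.0.0.0/0")

# Ordered inbound rules: (action, source network, destination host, port).
# None in the last two fields means "any".
ACL = [
    ("allow", ANY, HOSTS["web_server"], 80),
    ("allow", ANY, HOSTS["mail_server"], 25),
    ("allow", ANY, HOSTS["gateway_box"], 22),
    ("deny", ANY, None, None),  # deny all all
]

def evaluate(src, dst, port, acl=ACL):
    """Return (action, rule index) of the first matching rule; deny if nothing matches."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, (action, net, host, rule_port) in enumerate(acl):
        if src in net and host in (None, dst) and rule_port in (None, port):
            return action, i
    return "deny", None  # fail closed even if the final deny rule is missing

def block_network(cidr, acl=ACL):
    """Hypothetical helper: deny one troublesome source network.
    With first-match ordering the deny has to sit above the allows."""
    return [("deny", ipaddress.ip_network(cidr), None, None)] + list(acl)

if __name__ == "__main__":
    # Constructed sample connections: (source, destination, port)
    samples = [
        ("198.51.100.7", "192.0.2.10", 80),   # web to web_server
        ("198.51.100.7", "192.0.2.25", 80),   # web to mail_server
        ("198.51.100.7", "192.0.2.10", 23),   # telnet
        ("198.51.100.7", "192.0.2.50", 139),  # NetBIOS to an internal host
        ("198.51.100.7", "192.0.2.22", 22),   # SSH to gateway_box
    ]
    for s in samples:
        print(s, evaluate(*s))
    blocked = block_network("203.0.113.0/24")
    print(evaluate("203.0.113.9", "192.0.2.10", 80, blocked))
```

Appending the troublesome-network deny to the end of the list instead would never take effect, because the port 80 allow would match first.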

By using your router's ACLs, you can make a basic firewall that will stop dozens of
different types of attacks! How can they attack things they can't even connect to?
Aside from the internal threat (discussed later on this site) you don't even have
to worry about it anymore.